Did the FBI just recover the Colonial Pipeline ransom money from itself? The narrative of a sophisticated hacking group seems to be falling apart.

Tyler S. Farley

The FBI was looking to send a big message yesterday to would-be criminals when they announced they had recovered the Bitcoin ransom paid to the supposed hacking group which shut down the Colonial Pipeline with a ransomware attack last month.

But less than 24 hours later, their message seems to be getting a little cloudy and instead is drawing scrutiny as to what actually happened.

At first, the FBI reported its recovery of the Bitcoin as an act of sophisticated digital forensics and an example of the FBI's far reach. However, it turns out the Bitcoin was sitting comfortably and easily accessible in a custodial account in northern California.



Yes, California. Despite the mainstream news once again parroting “muh Russia” as soon as the ransomware attack went public, it turns out the ransom was sent to an exchange or other type of custodial Bitcoin address in California.

What’s even more puzzling than the location is the fact that the so-called sophisticated hacking group didn’t even realize that Bitcoin held in a custodial-type exchange is not really owned by them. This fact is well known to even amateur Bitcoin users and investors, who almost always use personal wallets they control, not custodial accounts on exchanges, to hold their Bitcoins. Yet somehow, these hackers who were able to bring down entire critical infrastructures were unaware of that fact.

Once the FBI learned where the Bitcoin was being stored using basic publicly available tools, they simply applied for a court order to seize it, which they did with a simple phone call.

So as of now, the “conclusion” of this story seems to really be just the beginning of realizing the whole thing is not what it was reported to be in the first place.



From the beginning we were told the hack was done by a foreign group with very sophisticated techniques and methods. Yet now we see they were total amateurs who couldn’t even properly store the Bitcoin ransom they asked for. By the way, personal Bitcoin wallets are free to download and use by anyone. So if the hackers simply downloaded a free wallet, they would still have their millions of dollars. It all just doesn’t make sense.

What’s worse is the FBI is clearly hoping the public is too stupid to realize their story is completely bogus. But considering tens of millions of people own and invest in Bitcoin, I doubt that will be the case.

Right about now some people would argue that criminals are often stupid and do stupid things, but that applies to strong-arm criminals who rob liquor stores and steal purses. Hackers are a totally different breed of criminals and are usually some of the most intelligent people in the world, especially within their realm of computers. Bitcoin storage should fall right into their wheelhouse of expertise, yet the FBI is now essentially telling us these hackers had no idea what they were doing.

So as I mentioned earlier, it seems like this story is just starting instead of being wrapped up. The narrative of a sophisticated hacking group being responsible is now falling apart and no new explanation has been offered. Many people with knowledge of hacking and Bitcoin are starting to wonder if this was some sort of false flag because they can’t believe any hacker would be so stupid as to not store their Bitcoin in a personal wallet.



As for now we’ll just have to wait as new information comes out. But in the meantime, the World Economic Forum seems to really be pushing the idea of widespread cyber attacks like this as the next big threat, as I outline in this article here. It seems that whatever threat the World Economic Forum wants to push suddenly starts happening.